
CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.
• https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad
• https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO
• https://support.apple.com/kb/HT213844
• https://support.apple.com/kb/HT213845
• CWE-476: NULL Pointer Dereference

CVSS: 5.5 | EPSS: 0% | CPEs: 4 | EXPL: 1

An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function. A flaw was found in frr that may allow a remote attacker to cause a denial of service via the bgp_capability_llgr function.
• https://github.com/FRRouting/frr/issues/13098
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4
• https://access.redhat.com/security/cve/CVE-2023-31489
• https://bugzilla.redhat.com/show_bug.cgi?id=2238990
• CWE-125: Out-of-bounds Read

CVSS: 6.5 | EPSS: 0% | CPEs: 3 | EXPL: 1

A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.
• https://github.com/strukturag/libheif/issues/794
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGKHDCS4HRZE3UGXYYDYPTIPNIBRLQ5L
• CWE-369: Divide By Zero

CVSS: 7.5 | EPSS: 2% | CPEs: 8 | EXPL: 0

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the RPL protocol.
• http://www.openwall.com/lists/oss-security/2023/05/17/8
• http://www.openwall.com/lists/oss-security/2023/05/17/9
• http://www.openwall.com/lists/oss-security/2023/05/18/1
• http://www.openwall.com/lists/oss-security/2023/05/19/1
• https://bugzilla.redhat.com/show_bug.cgi?id=2196292
• https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html
• https://security.netapp.com/advisory/ntap-20230622-0001
• https://www.debian.org/security/2023/dsa-5448
• https://
• CWE-617: Reachable Assertion

CVSS: 9.8 | EPSS: 0% | CPEs: 6 | EXPL: 0

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. A bypass of validation flaw was found in python-django. When uploading multiple files using one form field, an attacker could upload multiple files without validation due to the server only validating the last file uploaded.
• https://docs.djangoproject.com/en/4.2/releases/security
• https://groups.google.com/forum/#%21forum/django-announce
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD
• https://security.netapp.com/advisory/ntap-20230609-0008
• https://www.djangoproject.com/weblog/2023/may/03/security-releases
• https://access.redhat.com/security/
• CWE-20: Improper Input Validation